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CLAIMS 

What is claimed is: 

1 . A method of monitoring protocol response codes for a server 
application, the method comprising: 

(a) monitoring protocol response codes in communication data 
between a server application and a client during a session; 

(b) determining a number of protocol response codes during the 
session; and 

(c) comparing the number of protocol response codes to a 
predetermined number. 

2. The method of claim 1, wherein steps (a) - (c) are performed 
transparent to the communication of data between the server application and 
the client. 

3. The method of claim 1, wherein the communication data is 
communication over a network selected from the group consisting of a global 
communication network, a wide area network, a local area network, and a 
wireless network. 

4. The method of claim 1, wherein the communication data 
comprises an application protocol selected from the group consisting of 
hypertext transfer protocols, simple object access protocols, web distributed 
authoring and versioning protocols, simple mail transfer protocols, wireless 
application protocols, file transfer protocols, Internet message access 
protocols, post office protocols, web services protocols, simple mail transfer 
protocols, structured hypertext transfer protocols, and web-mail protocols. 

5. The method of claim 1, wherein the communication data can 
comprise HTTP requests from the client and HTTP responses from the server 
application. 
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6. The method of claim 1, wherein the server application is 
implemented by a web server. 

7. The method of claim 1, wherein the communication data 
5 comprises only transmission control protocol packets. 

8. The method of claim 1 , wherein the protocol response codes is a 
predetermined response code type. 

10 9. The method of claim 1, wherein the protocol response codes 

comprise response code errors. 

10. The method of claim 1 , wherein step (b) comprises determining 
the number of protocol response codes for a unique session. 

15 

1 1 . The method of claim 1 , wherein step (b) comprises determining 
the number of protocol response codes for a predetermined plurality of 
sessions. 

20 12. The method of claim 1 , wherein step (c) comprises determining 

whether the number of protocol response codes exceeds the predetermined 
number. 

13. The method of claim 12, comprising selectively generating an 
25 alert if the number of protocol response codes exceeds the predetermined 

number. 

14. A system for monitoring protocol response codes for a server 
application, the system comprising: 

30 (a) a network interface operable to monitor communication data 

between a server application and a client during a session; and 
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(b) a detector operable to determine a number of protocol response 
codes during the session, and operable to compare the number 
of protocol response codes to a predetermined number. 

5 15. The system of claim 14, wherein the communication data is 

communication over a network selected from the group consisting of a global 
communication network, a wide area network, a local area network, and a 
wireless network. 

10 16. The system of claim 14, wherein the communication data 

comprises an application protocol selected from the group consisting of 
hypertext transfer protocols, simple object access protocols, web distributed 
authoring and versioning protocols, simple mail transfer protocols, wireless 
application protocols, file transfer protocols, Internet message access 

15 protocols, post office protocols, web services protocols, simple mail transfer 
protocols, structured hypertext transfer protocols, and web-mail protocols. 

17. The system of claim 14, wherein the communication data can 
comprise HTTP requests from the client and HTTP responses from the server 

20 application. 

18. The system of claim 14, wherein the server application is 
implemented by a web server. 

25 19. The system of claim 14, wherein the communication data 

comprises only transmission control protocol packets. 

20. The system of claim 14, wherein the protocol response codes is a 
predetermined response code type. 

30 
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21. The system of claim 14, wherein the protocol response codes 
comprise response code errors. 

22. The system of claim 14, wherein the detector is operable to 
determine the number of protocol response codes for a unique session. 

23. The system of claim 14, wherein the detector is operable to 
determine the number of protocol response codes for a predetermined plurality 
of sessions. 

24. The system of claim 14, wherein the detector is operable to 
determine whether the number of protocol response codes exceeds the 
predetermined number. 

25. The system of claim 24, wherein the detector is operable to 
selectively generate an alert if the number of protocol response codes exceeds 
the predetermined number. 

26. A computer program product comprising computer-executable 
instructions embodied in a computer-readable medium for performing steps 
comprising: 

(a) monitoring protocol response codes in communication data 
between a server application and a client during a session; 

(b) determining a number of protocol response codes during the 
session; and 

(c) comparing the number of protocol response codes to a 
predetermined number. 

27. The computer program product of claim 26, wherein steps (a) - 
(c) are performed transparent to the communication of data between the server 
application and the client. 
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28. The computer program product of claim 26, wherein the 
communication data is communication over a network selected from the group 
consisting of a global communication network, a wide area network, a local 
area network, and a wireless network. 

5 

29. The computer program product of claim 26, wherein the 
communication data comprises an application protocol selected from the group 
consisting of hypertext transfer protocols, simple object access protocols, web 
distributed authoring and versioning protocols, simple mail transfer protocols, 

1 0 wireless application protocols, file transfer protocols, Internet message access 
protocols, post office protocols, web services protocols, simple mail transfer 
protocols, structured hypertext transfer protocols, and web-mail protocols. 

30. The computer program product of claim 26, wherein the 
15 communication data can comprise HTTP requests from the client and HTTP 

responses from the server application. 

31 . The computer program product of claim 26, wherein the server 
application is implemented by a web server. 

20 

32. The computer program product of claim 26, wherein the 
communication data comprises only transmission control protocol packets. 

33. The computer program product of claim 26, wherein the protocol 
25 response codes is a predetermined response code type. 

34. The computer program product of claim 26, wherein the protocol 
response codes comprise response code errors. 
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35. The computer program product of claim 26, wherein step (b) 
comprises determining the number of protocol response codes for a unique 
session. 

5 36. The computer program product of claim 26, wherein step (b) 

comprises determining the number of protocol response codes for a 
predetermined plurality of sessions. 

37. The computer program product of claim 26, wherein step (c) 
10 comprises determining whether the number of protocol response codes 

exceeds the predetermined number. 

38. The computer program product of claim 37, comprising selectively 
generating an alert if the number of protocol response codes exceeds the 

15 predetermined number. 

39. A method of monitoring protocol response codes for a server 
application, the method comprising: 

(a) monitoring protocol response codes in communication data 
between a server application and a client associated with server 
data; 

(b) determining a number of protocol response codes for the server 
data; and 

(c) comparing the number of protocol response codes to a 
predetermined number. 

40. The method of claim 39, wherein steps (a) - (c) are performed 
transparent to the communication of data between the server application and 
the client. 

30 



20 



25 
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41. The method of claim 39, wherein the communication data is 
communication over a network selected from the group consisting of a global 
communication network, a wide area network, a local area network, and a 
wireless network. 

5 

42. The method of claim 39, wherein the communication data 
comprises an application protocol selected from the group consisting of 
hypertext transfer protocols, simple object access protocols, web distributed 
authoring and versioning protocols, simple mail transfer protocols, wireless 

10 application protocols, file transfer protocols, Internet message access 
protocols, post office protocols, web services protocols, simple mail transfer 
protocols, structured hypertext transfer protocols, and web-mail protocols. 

43. The method of claim 39, wherein the communication data can 
1 5 comprise HTTP requests from the client and HTTP responses from the server 

application. 

44. The method of claim 39, wherein the server application is 
implemented by a web server. 

20 

45. The method of claim 39, wherein the communication data 
comprises only transmission control protocol packets. 

46. The method of claim 39, wherein the protocol response codes is a 
25 predetermined response code type. 

47. The method of claim 39, wherein the protocol response codes 
comprise response code errors. 

30 48. The method of claim 39, wherein step (b) comprises determining 

the number of protocol response codes for a unique session. 
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49. The method of claim 39, wherein step (b) comprises determining 
the number of protocol response codes for a predetermined plurality of 
sessions. 

5 50. The method of claim 39, wherein step (c) comprises determining 

whether the number of protocol response codes exceeds the predetermined 
number. 

51. The method of claim 50, comprising selectively generating an 
10 alert if the number of protocol response codes exceeds the predetermined 

number. 

52. A system for monitoring protocol response codes for a server 
application, the method comprising: 

15 (a) a network interface operable to monitor communication data 

between a server application and a client during a session; and 
(b) a detector operable to determine a number of protocol response 
codes for the server data, and operable to compare the number 
of protocol response codes to a predetermined number. 

20 

53. The system of claim 52, wherein the communication data is 
communication over a network selected from the group consisting of a global 
communication network, a wide area network, a local area network, and a 
wireless network. 

25 

54. The system of claim 52, wherein the communication data 
comprises an application protocol selected from the group consisting of 
hypertext transfer protocols, simple object access protocols, web distributed 
authoring and versioning protocols, simple mail transfer protocols, wireless 

30 application protocols, file transfer protocols, Internet message access 
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protocols, post office protocols, web services protocols, simple mail transfer 
protocols, structured hypertext transfer protocols, and web-mail protocols. 

55. The system of claim 52, wherein the communication data can 
5 comprise HTTP requests from the client and HTTP responses from the server 

application. 

56. The system of claim 52, wherein the server application is 
implemented by a web server. 

10 

57. The system of claim 52, wherein the communication data 
comprises only transmission control protocol packets. 

58. The system of claim 52, wherein the protocol response codes is a 
15 predetermined response code type. 

59. The system of claim 52, wherein the protocol response codes 
comprise response code errors. 

20 60. The system of claim 52, wherein the detector is operable to 

determine the number of protocol response codes for a unique session. 

61. The system of claim 52, wherein the detector is operable to 
determine the number of protocol response codes for a predetermined plurality 

25 of sessions. 

62. The system of claim 52, wherein the detector is operable to 
determine whether the number of protocol response codes exceeds the 
predetermined number. 

30 
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63. The system of claim 62, wherein the detector is operable to 
selectively generate an alert if the number of protocol response codes exceeds 
the predetermined number. 

64. A computer program product comprising computer-executable 
instructions embodied in a computer-readable medium for performing steps 
comprising: 

(a) monitoring protocol response codes in communication data 
between a server application and a client associated with server 
data; 

(b) determining a number of protocol response codes for the server 
data; and 

(c) comparing the number of protocol response codes to a 
predetermined number. 

65. The computer program product of claim 64, wherein steps (a) - 
(c) are performed transparent to the communication of data between the server 
application and the client. 

20 66. The computer program product of claim 64, wherein the 

communication data is communication over a network selected from the group 
consisting of a global communication network, a wide area network, a local 
area network, and a wireless network. 

25 67. The computer program product of claim 64, wherein the 

communication data comprises an application protocol selected from the group 
consisting of hypertext transfer protocols, simple object access protocols, web 
distributed authoring and versioning protocols, simple mail transfer protocols, 
wireless application protocols, file transfer protocols, Internet message access 

30 protocols, post office protocols, web services protocols, simple mail transfer 
protocols, structured hypertext transfer protocols, and web-mail protocols. 



10 
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68. The computer program product of claim 64, wherein the 
communication data can comprise HTTP requests from the client and HTTP 
responses from the server application. 

5 69. The computer program product of claim 64, wherein the server 

application is implemented by a web server. 

70. The computer program product of claim 64, wherein the 
communication data comprises only transmission control protocol packets. 

10 

71 . The computer program product of claim 64, wherein the protocol 
response codes is a predetermined response code type. 

72. The computer program product of claim 64, wherein the protocol 
15 response codes comprise response code errors. 

73. The computer program product of claim 64, wherein step (b) 
comprises determining the number of protocol response codes for a unique 
session. 

20 

74. The computer program product of claim 64, wherein step (b) 
comprises determining the number of protocol response codes for a 
predetermined plurality of sessions. 

25 75. The computer program product of claim 64, wherein step (c) 

comprises determining whether the number of protocol response codes 
exceeds the predetermined number. 

76. The computer program product of claim 75, comprising selectively 
30 generating an alert if the number of protocol response codes exceeds the 
predetermined number. 
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77. A method of monitoring an application protocol for a server 
application, the method comprising: 

(a) monitoring an application protocol in communication data 
between a server application and a client; 

(b) monitoring errors in the application protocol; and 

(c) comparing the errors in the application protocol to a 
predetermined criteria. 

78. The method of claim 77, wherein steps (a) - (c) are performed 
transparent to the communication of data between the server application and 
the client. 

79. The method of claim 77, wherein the communication data is 
communication over a network selected from the group consisting of a global 
communication network, a wide area network, a local area network, and a 
wireless network. 

80. The method of claim 77, wherein the communication data 
comprises an application protocol selected from the group consisting of 
hypertext transfer protocols, simple object access protocols, web distributed 
authoring and versioning protocols, simple mail transfer protocols, wireless 
application protocols, file transfer protocols, Internet message access 
protocols, post office protocols, web services protocols, simple mail transfer 
protocols, structured hypertext transfer protocols, and web-mail protocols. 

81. The method of claim 77, wherein the server application is 
implemented by a web server. 

82. The method of claim 77, wherein the communication data 
comprises only transmission control protocol packets. 
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83. The method of claim 77, wherein the errors comprise malformed 
protocol requests. 

84. The method of claim 77, wherein the application protocol is HTTP. 

85. The method of claim 77, wherein the errors comprise parsing 

errors. 

86. The method of claim 85, wherein the application protocol is HTTP. 



87. The method of claim 77, wherein the errors comprise buffer 
overflows within the application protocol. 

88. The method of claim 87, wherein the application protocol is HTTP. 

89. The method of claim 77, wherein step (c) comprises determining 
whether the errors in the application protocol match the predetermined criteria. 

90. The method of claim 77, comprising selectively generating an 
20 alert if the errors in the application protocol match the predetermined criteria. 

91. A system for monitoring an application protocol for a server 
application, the system comprising: 

(a) a network interface operable to monitor communication data 
25 between a server application and a client during a session; and 

(b) a detector operable to monitor errors in the application protocol, 
and operable to compare the errors in the application protocol to 
a predetermined criteria. 

30 92. The system of claim 91, wherein the communication data is 

communication over a network selected from the group consisting of a global 
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communication network, a wide area network, a local area network, and a 
wireless network. 

93. The system of claim 91, wherein the communication data 
5 comprises an application protocol selected from the group consisting of 

hypertext transfer protocols, simple object access protocols, web distributed 
authoring and versioning protocols, simple mail transfer protocols, wireless 
application protocols, file transfer protocols, Internet message access 
protocols, post office protocols, web services protocols, simple mail transfer 
10 protocols, structured hypertext transfer protocols, and web-mail protocols. 

94. The system of claim 91, wherein the server application is 
implemented by a web server. 

15 95. The system of claim 91, wherein the communication data 

comprises only transmission control protocol packets. 

96. The system of claim 91 , wherein the errors comprise malformed 
protocol requests. 

20 

97. The system of claim 91 , wherein the application protocol is HTTP. 

98. The system of claim 91 , wherein the errors comprise parsing 

errors. 

25 

99. The system of claim 98, wherein the application protocol is HTTP. 

100. The system of claim 91, wherein the errors comprise buffer 
overflows within the application protocol. 

30 
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101. The system of claim 100, wherein the application protocol is 

HTTP. 

1 02. The system of claim 91 , wherein step (c) comprises determining 
5 whether the errors in the application protocol match the predetermined criteria. 

103. The system of claim 91 , comprising selectively generating an alert 
if the errors in the application protocol match the predetermined criteria. 

10 104. A computer program product comprising computer-executable 

instructions embodied in a computer-readable medium for performing steps 
comprising: 

(a) monitoring an application protocol in communication data 

between a server application and a client; 
15 (b) monitoring errors in the application protocol; and 

(c) comparing the errors in the application protocol to a 

predetermined criteria. 

1 05. The computer program product of claim 1 04, wherein steps (a) - 
20 (c) are performed transparent to the communication of data between the server 

application and the client. 

106. The computer program product of claim 104, wherein the 
communication data is communication over a network selected from the group 

25 consisting of a global communication network, a wide area network, a local 
area network, and a wireless network. 

107. The computer program product of claim 104, wherein the 
communication data comprises an application protocol selected from the group 

30 consisting of hypertext transfer protocols, simple object access protocols, web 
distributed authoring and versioning protocols, simple mail transfer protocols, 
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wireless application protocols, file transfer protocols, Internet message access 
protocols, post office protocols, web services protocols, simple mail transfer 
protocols, structured hypertext transfer protocols, and web-mail protocols. 

5 1 08. The computer program product of claim 1 04, wherein the server 

application is implemented by a web server. 

109. The computer program product of claim 104, wherein the 
communication data comprises only transmission control protocol packets. 

10 

110. The computer program product of claim 1 04, wherein the errors 
comprise malformed protocol requests. 

111. The computer program product of claim 104, wherein the 
15 application protocol is HTTP. 

112. The computer program product of claim 1 04, wherein the errors 
comprise parsing errors. 

20 113. The computer program product of claim 112, wherein the 

application protocol is HTTP. 

114. The computer program product of claim 104, wherein the errors 
comprise buffer overflows within the application protocol. 

25 

115. The computer program product of claim 114, wherein the 
application protocol is HTTP. 

116. The computer program product of claim 104, wherein step (c) 
30 comprises determining whether the errors in the application protocol match the 

predetermined criteria. 
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117. The computer program product of claim 104, comprising 
selectively generating an alert if the errors in the application protocol match the 
predetermined criteria. 

118. A method of monitoring an application protocol for a server 
application, the method comprising: 

(a) monitoring an application protocol in communication data 
between a server application and a client; 

(b) detecting a first protocol method utilized by the application 
protocol; and 

(c) comparing the first protocol method to a predetermined protocol 

r 

method. 

119. The method of claim 118, wherein steps (a) - (c) are performed 
1 5 transparent to the communication of data between the server application and 

the client. 

120. The method of claim 118, wherein the communication data is 
communication over a network selected from the group consisting of a global 

20 communication network, a wide area network, a local area network, and a 
wireless network. 

121. The method of claim 118, wherein the communication data 
comprises an application protocol selected from the group consisting of 

25 hypertext transfer protocols, simple object access protocols, web distributed 
authoring and versioning protocols, simple mail transfer protocols, wireless 
application protocols, file transfer protocols, Internet message access 
protocols, post office protocols, web services protocols, simple mail transfer 
protocols, structured hypertext transfer protocols, and web-mail protocols. 

30 

-117- 
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122. The method of claim 118, wherein the server application is 
implemented by a web server. 

123. The method of claim 118, wherein the communication data 
5 comprises only transmission control protocol packets. 

1 24. The method of claim 118, wherein the communication method is a 
first encryption strength. 

10 1 25. The method of claim 1 24, wherein the first encryption strength is 

about 40 bit encryption. 

1 26. The method of claim 1 24, wherein the predetermined method is a 
second encryption strength. 

15 

127. The method of claim 126, comprising determining whether the 
second encryption strength is greater than the first encryption strength. 

128. The method of claim 127, comprising generating an alarm if the 
20 second encryption strength is greater than the first encryption strength 

1 29. The method of claim 1 26, wherein the second encryption strength 
is 128 bit encryption. 

25 130. A system for monitoring an application protocol for a server 

application, the system comprising: 

(a) a network interface operable to monitor communication data 
between a server application and a client during a session; and 

(b) a detector operable to detect a first protocol method utilized by 
30 the application protocol, and operable to compare the first 

protocol method to a predetermined protocol method. 
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131. The system of claim 130, wherein the communication data is 
communication over a network selected from the group consisting of a global 
communication network, a wide area network, a local area network, and a 
wireless network. 

5 

132. The system of claim 130, wherein the communication data 
comprises an application protocol selected from the group consisting of 
hypertext transfer protocols, simple object access protocols, web distributed 
authoring and versioning protocols, simple mail transfer protocols, wireless 

10 application protocols, file transfer protocols, Internet message access 
protocols, post office protocols, web services protocols, simple mail transfer 
protocols, structured hypertext transfer protocols, and web-mail protocols. 

133. The system of claim 130, wherein the server application is 
1 5 implemented by a web server. 

134. The system of claim 130, wherein the communication data 
comprises only transmission control protocol packets. 

20 1 35. The system of claim 1 30, wherein the communication method is a 

first encryption strength. 

1 36. The system of claim 1 35, wherein the first encryption strength is 
about 40 bit encryption. 

25 

1 37. The system of claim 1 30, wherein the predetermined method is a 
second encryption strength. 

138. The system of claim 137, wherein the detector is operable to 
30 determine whether the second encryption strength is greater than the first 

encryption strength. 
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139. The system of claim 138, wherein the detector is operable to 
generate an alarm if the second encryption strength is greater than the first 
encryption strength. 

5 1 40. The system of claim 1 37, wherein the second encryption strength 

is 128 bit encryption. 

141. A computer program product comprising computer-executable 
instructions embodied in a computer-readable medium for performing steps 

10 comprising: 

(a) monitoring an application protocol in communication data 
between a server application and a client; 

(b) detecting a first protocol method utilized by the application 
protocol; and 

15 (c) comparing the first protocol method to a predetermined protocol 

method. 

142. The computer program product of claim 141, wherein steps (a)- 
(c) are performed transparent to the communication of data between the server 

20 application and the client. 

143. The computer program product of claim 141, wherein the 
communication data is communication over a network selected from the group 
consisting of a global communication network, a wide area network, a local 

25 area network, and a wireless network. 

144. The computer program product of claim 141, wherein the 
communication data comprises an application protocol selected from the group 
consisting of hypertext transfer protocols, simple object access protocols, web 

30 distributed authoring and versioning protocols, simple mail transfer protocols, 
wireless application protocols, file transfer protocols, Internet message access 
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protocols, post office protocols, web services protocols, simple mail transfer 
protocols, structured hypertext transfer protocols, and web-mail protocols. 

145. The computer program product of claim 141, wherein the server 
5 application is implemented by a web server. 

146. The computer program product of claim 141, wherein the 
communication data comprises only transmission control protocol packets. 

10 147. The computer program product of claim 141, wherein the 

communication method is a first encryption strength. 

148. The computer program product of claim 147, wherein the first 
encryption strength is about 40 bit encryption. 

15 

149. The computer program product of claim 147, wherein the 
predetermined method is a second encryption strength. 

150. The computer program product of claim 149, comprising 
20 determining whether the second encryption strength is greater than the first 

encryption strength. 

151. The computer program product of claim 150, comprising 
generating an alarm if the second encryption strength is greater than the first 

25 encryption strength 

1 52. The computer program product of claim 1 49, wherein the second 
encryption strength is 128 bit encryption. 

30 153. A method of monitoring an application protocol for a server 

application, the method comprising: 
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(a) monitoring an application protocol in communication data 
between a server application and a client; 

(b) detecting a first protocol version of the application protocol; and 

(c) comparing the first version to a predetermined protocol version. 

5 

1 54. The method of claim 153, wherein steps (a) - (c) are performed 
transparent to the communication of data between the server application and 
the client. 

10 155. The method of claim 153, wherein the communication data is 

communication over a network selected from the group consisting of a global 
communication network, a wide area network, a local area network, and a 
wireless network. 

15 156. The method of claim 153, wherein the communication data 

comprises an application protocol selected from the group consisting of 
hypertext transfer protocols, simple object access protocols, web distributed 
authoring and versioning protocols, simple mail transfer protocols, wireless 
application protocols, file transfer protocols, Internet message access 

20 protocols, post office protocols, web services protocols, simple mail transfer 
protocols, structured hypertext transfer protocols, and web-mail protocols. 

157. The method of claim 153, wherein the server application is 
implemented by a web server. 

25 

158. The method of claim 153, wherein the communication data 
comprises only transmission control protocol packets. 

159. The method of claim 153, wherein the application protocol is 
30 secure socket layer (SSL). 
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1 60. The method of claim 1 59, wherein the first protocol version is SSL 
version 2.0. 

161. The method of claim 160, wherein the predetermined protocol 
5 version is SSL version 3.0. 

162. The method of claim 153, comprising determining whether the 
first protocol version matches the predetermined protocol version. 

10 163. The method of claim 162, if the first protocol version does not 

match the second protocol version, generating an alert. 

164. A system for monitoring an application protocol for a server 
application, the system comprising: 

15 (a) a network interface operable to monitor communication data 

between a server application and a client during a session; and 
(b) a detector operable to detect a first protocol version of the 
application protocol, and operable to compare the first version to 
a predetermined protocol version. 

20 

165. The system of claim 164, wherein the communication data is 
communication over a network selected from the group consisting of a global 
communication network, a wide area network, a local area network, and a 
wireless network. 

25 

166. The system of claim 164, wherein the communication data 
comprises an application protocol selected from the group consisting of 
hypertext transfer protocols, simple object access protocols, web distributed 
authoring and versioning protocols, simple mail transfer protocols, wireless 

30 application protocols, file transfer protocols, Internet message access 
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protocols, post office protocols, web services protocols, simple mail transfer 
protocols, structured hypertext transfer protocols, and web-mail protocols. 

167. The system of claim 164, wherein the server application is 
5 implemented by a web server. 

168. The system of claim 164, wherein the communication data 
comprises only transmission control protocol packets. 

10 169. The system of claim 164, wherein the application protocol is 

secure socket layer (SSL). 

1 70. The system of claim 1 69, wherein the first protocol version is SSL 
version 2.0. 

15 

171. The system of claim 170, wherein the predetermined protocol 
version is SSL version 3.0. 

172. The system of claim 164, wherein the detector is operable to 
20 determine whether the first protocol version matches the predetermined 

protocol version. 

173. The system of claim 172, wherein the detector is operable to 
generate an alert if the first protocol version does not match the second 

25 protocol version. 

174. A computer program product comprising computer-executable 
instructions embodied in a computer-readable medium for performing steps 
comprising: 

30 (a) monitoring an application protocol in communication data 

between a server application and a client; 
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(b) detecting a first protocol version of the application protocol; and 

(c) comparing the first version to a predetermined protocol version. 

1 75. The computer program product of claim 1 74, wherein steps (a) - 
5 (c) are performed transparent to the communication of data between the server 

application and the client. 

176. The computer program product of claim 174, wherein the 
communication data is communication over a network selected from the group 

10 consisting of a global communication network, a wide area network, a local 
area network, and a wireless network. 

177. The computer program product of claim 174, wherein the 
communication data comprises an application protocol selected from the group 

1 5 consisting of hypertext transfer protocols, simple object access protocols, web 
distributed authoring and versioning protocols, simple mail transfer protocols, 
wireless application protocols, file transfer protocols, Internet message access 
protocols, post office protocols, web services protocols, simple mail transfer 
protocols, structured hypertext transfer protocols, and web-mail protocols. 

20 

1 78. The computer program product of claim 1 74, wherein the server 
application is implemented by a web server. 

179. The computer program product of claim 174, wherein the 
25 communication data comprises only transmission control protocol packets. 

180. The computer program product of claim 174, wherein the 
application protocol is secure socket layer (SSL). 

30 181. The computer program product of claim 180, wherein the first 

protocol version is SSL version 2.0. 
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182. The computer program product of claim 181, wherein the 
predetermined protocol version is SSL version 3.0. 

183. The computer program product of claim 174, comprising 
determining whether the first protocol version matches the predetermined 
protocol version. 

184. The computer program product of claim 183, if the first protocol 
version does not match the second protocol version, generating an alert. 



185. A method of monitoring an application protocol for a server 
application, the method comprising: 

(a) monitoring an application protocol in communication data 
between a server application and a client; 
15 (b) determining whether the application protocol is a valid protocol 

for the server application; and 
(c) if the application protocol is not valid, generating an alert. 

186. The method of claim 185, wherein steps (a) - (c) are performed 
20 transparent to the communication of data between the server application and 

the client. 

187. The method of claim 185, wherein the communication data is 
communication over a network selected from the group consisting of a global 

25 communication network, a wide area network, a local area network, and a 
wireless network. 

188. The method of claim 185, wherein the communication data 
comprises an application protocol selected from the group consisting of 

30 hypertext transfer protocols, simple object access protocols, web distributed 
authoring and versioning protocols, simple mail transfer protocols, wireless 
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application protocols, file transfer protocols, Internet message access 
protocols, post office protocols, web services protocols, simple mail transfer 
protocols, structured hypertext transfer protocols, and web-mail protocols. 

5 189. The method of claim 185, wherein the server application is 

implemented by a web server. 

190. The method of claim 185, wherein the communication data 
comprises only transmission control protocol packets. 

10 

191. The method of claim 185, wherein the application protocol is a 
non-secure socket layer (SSL) protocol. 

1 92. The method of claim 191, wherein the server application receives 
15 the application protocol at an HTTPS port. 

193. A system for monitoring an application protocol for a server 
application, the system comprising: 

(a) a network interface operable to monitor communication data 
20 between a server application and a client during a session; and 

(b) a detector operable to determine whether the application protocol 
is a valid protocol for the server application, and operable to 
generate an alert if the application protocol is not valid. 

25 194. The system of claim 193, wherein the communication data is 

communication over a network selected from the group consisting of a global 
communication network, a wide area network, a local area network, and a 
wireless network. 

30 195. The system of claim 193, wherein the communication data 

comprises an application protocol selected from the group consisting of 
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hypertext transfer protocols, simple object access protocols, web distributed 
authoring and versioning protocols, simple mail transfer protocols, wireless 
application protocols, file transfer protocols, Internet message access 
protocols, post office protocols, web services protocols, simple mail transfer 
5 protocols, structured hypertext transfer protocols, and web-mail protocols. 

196. The system of claim 193, wherein the server application is 
implemented by a web server. 

10 197. The system of claim 193, wherein the communication data 

comprises only transmission control protocol packets. 

198. The system of claim 193, wherein the application protocol is a 
non-secure socket layer (SSL) protocol. 

15 

1 99. The system of claim 1 98, wherein the server application receives 
the application protocol at an HTTPS port. 

200. A computer program product comprising computer-executable 
20 instructions embodied in a computer-readable medium for performing steps 

comprising: 

(a) monitoring an application protocol in communication data 
between a server application and a client; 

(b) determining whether the application protocol is a valid protocol 
25 for the server application; and 

(c) if the application protocol is not valid, generating an alert. 

201 . The computer program product of claim 200, wherein steps (a) - 
(c) are performed transparent to the communication of data between the server 

30 application and the client. 
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202. The computer program product of claim 200, wherein the 
communication data is communication over a network selected from the group 
consisting of a global communication network, a wide area network, a local 
area network, and a wireless network. 

5 

203. The computer program product of claim 200, wherein the 
communication data comprises an application protocol selected from the group 
consisting of hypertext transfer protocols, simple object access protocols, web 
distributed authoring and versioning protocols, simple mail transfer protocols, 

1 0 wireless application protocols, file transfer protocols, Internet message access 
protocols, post office protocols, web services protocols, simple mail transfer 
protocols, structured hypertext transfer protocols, and web-mail protocols. 

204. The computer program product of claim 200, wherein the server 
15 application is implemented by a web server. 

205. The computer program product of claim 200, wherein the 
communication data comprises only transmission control protocol packets. 

20 206. The computer program product of claim 200, wherein the 

application protocol is a non-secure socket layer (SSL) protocol. 

207. The computer program product of claim 206, wherein the server 
application receives the application protocol at an HTTPS port. 

25 
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